Kaspersky Server


Latarsha Dorrance

Aug 3, 2024, 4:37:20 PM
to ocancari

Kaspersky Security for Windows Server was developed specifically to protect complex networks and ensure that valuable corporate resources are efficiently secured. With prompt threat detection and response and exceptional resilience, together with launch control and exploit prevention against emerging threats, it delivers advanced server protection to businesses of all sizes.

Based on Kaspersky Lab's unique HuMachine framework, Kaspersky Security for Windows Server's multi-layered threat protection system detects all types of malware, including advanced, sophisticated and emerging threats. Despite its power, it has minimal impact on server performance and provides different optimization capabilities depending on server role (for example, by configuring application priority or excluding business-critical trusted processes from scanning).

Kaspersky Security for Windows Server comprises a powerful Exploit Prevention mechanism that protects process memory from exploits. It watches over protected processes and prevents attempts to exploit unpatched or even zero-day vulnerabilities in system components and applications.

The most reliable resilience against data breaches is attained by implementing the Default Deny scenario using Application Launch Control. By prohibiting the use of any application other than trusted system components and specified programs or services, most malware types are automatically blocked from starting. Together with Device Control running in Default Deny mode ruling out the use of any unsolicited storage, these components considerably reduce the attack surface and boost the security of the server protected by Kaspersky Lab.

Making sure critical system components and processes (as well as mission-critical applications) remain intact is as important for the server's smooth functioning as for the security of the sensitive data processed on it.

Kaspersky Security for Windows Server takes care of this, providing features such as File Integrity Monitor and Log Inspection, which help not only to prevent unwanted changes to the system but also to detect certain indicators of a security breach and to comply with a number of regulations such as PCI/DSS.

The rapid spread of Docker-based container virtualization requires specific protection, taking into account containers using the same kernel as other server processes. Kaspersky Security for Windows Servers secures Windows Server containers, making sure that compromised containers you may encounter won't harm your business.

This new system delivers traffic malware filtering, web links verification and web-resource control, based on Kaspersky categories for any external system supporting the ICAP protocol like proxy servers, storage or any other ICAP-supporting system.

Kaspersky Security for Windows Servers supports a wide range of storage systems from the most prominent vendors, including Hitachi, EMC, IBM, Dell, Oracle and NetApp. It supports both on-access scanning (when a launched file is modified) and on-demand scanning (either by request or scheduled). For NetApp Storage, unique Anti-Cryptor functionality is available. This technology secures data on NAS shares from ransomware and blocks any attempt to encrypt data on storage from any connected host machine with running crypto-malware.

Kaspersky Lab products were one of the first to offer dedicated protection of endpoints from encrypting ransomware. Servers are rarely attacked directly, but with cryptors now becoming a pandemic, they regularly suffer from remotely initiated encryption of the data stored on file shares.

Kaspersky Security for Windows Servers contains a unique anti-cryptor mechanism capable of blocking encryption of files on shared resources from a malicious process running on another machine on the same network. This system constantly watches over the protected shared folders, tracking the state of the stored files. As soon as encryption activity is detected, the system blocks the attack source machine from accessing the server, stopping the encryption process and preventing the loss of corporate data. This functionality is available for Windows and NetApp storage systems.

Notifications can be sent to administrators via messaging service or email. Kaspersky Security for Windows Server is integrated with Simple Network Management Protocol (SNMP) and can operate with System Center Operations Manager (SCOM). Alternatively, monitor operations by reviewing Microsoft Windows or Kaspersky Security Center event logs.

Kaspersky Security for Windows Server provides integration capabilities for different SIEM systems. The application can convert events in application logs into formats supported by the syslog server so that those events can be recognized and imported into a SIEM. The application supports conversion into structured data format and into JSON format.

To improve the convenience of server security management, Kaspersky Security for Windows Servers allows the configuration of the local Windows firewalls of your servers directly from the unified console of Kaspersky Security Center.

Next Generation IT security and management to protect against every type of threat your business faces. Agility, efficiency and control for endpoint protection that's pioneering, flexible and ready to scale.

I recently updated Kaspersky Security Center to 10.5.1781 and found it was handling manual installations of software much better than previous versions, as well as much more reliable interaction with KES 11 vs prior versions.

It installed /most/ of the patches on 14 computers. It then waited 5 hours, and installed most of the patches on one new computer. Then it waited 18 hours and installed some patches on another machine, then 10 hours later, another machine got partially patched. Then 8 hours later, another machine. Then 2 hours for another, and then 9 hours later, another set of patches.

The task was scheduled to run at 11:00 PM Friday night, with a 120 minute completion time set on the task. Those first 14 machines completed the patches given by 11:30. Why did it take 2 more days to do 6 more computers, and skip some patches on most of the machines?

Kaspersky Security Center maintains a Software Vulnerabilities list, and a separate Software Updates list. Everything that is present in the Vulnerabilities list is also in the Software Updates list. The updates that were not installing were listed in the Vulnerabilities.

Some of the configuration that he said was absolutely necessary to function directly contradicts the documentation, and operational history with the software, which was initially configured BY a Kaspersky support tech.

I don't know yet. The scheduled task runs late Friday night so as not to interfere with any work left open during the week. I did end up turning on options in the Install Updates task that are specific to vulnerability patches, but I don't know if those are required, or if they are just filters.

From the Software Updates section, you have to manually add the individual updates to the update task(s). If you have separate management groups, the updates must be added to an update task located in each group (or one in the parent folder under Managed Devices).

The Perform Windows Update Synchronization task is required if you wish to deploy any MS patches from the Kaspersky Server (AKA using the Kaspersky Server as a WSUS server) without deploying them as a manual MSI or some other odd workaround.

If you run the Quick Setup in KSC 10 or 11, it prompts you for how updates are configured. If you select KSC is being used as a WSUS server, then the task is created. If you select the option to use a different update server, then the task is NOT created. In KSC 8, this was not an option presented by the Quick Setup process.

The Windows update management in KSC 10 and 11 allows you to set the workstations to check for updates directly from Microsoft without installing them. KSC can then manage the installation through the network agent by pulling the updates straight from Microsoft to the workstation.

The issue was that the Eastern European tech support that called me was giving inaccurate information based off documentation that was years old, and insisted that it could only be configured one way or they wouldn't support it.

The Perform Windows Update Synchronization task ONLY functions if the KSC server is acting as a WSUS source. Otherwise it will error out and not run at all because the WSUS components are not present. I have demonstrated this to Kaspersky engineers twice.
